CVE-2025-34504
MEDIUM WAF: Medium
CVSS 6.1
Published: 2025-12-11
CWE-601
KodExplorer 4.52 contains an open redirect vulnerability in the user login page that allows attackers to manipulate the 'link' parameter. Attackers can craft malicious URLs in the link parameter to redirect users to arbitrary external websites after authentication.
WAF Coverage Analysis
Open Redirect
Medium WAF Coverage
OWASP: A01:2021 Broken Access Control
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| kodcloud | kodexplorer | 4.52 |
References
- github.com (Release Notes)
- kodcloud.com (Product)
- www.exploit-db.com (Exploit, Third Party Advisory, VDB Entry)
- www.vulncheck.com (Third Party Advisory)